Where Do I Begin?

It does seem overwhelming, doesn't it? Yet I like to break down what needs done into three primary areas -- Network Security, Incident Recovery, and Risk Management. Let's consider each of these areas separately.

Network Security

In today’s interconnected world, maintaining network security is simply a cost of doing business and must be treated as such. There is no single solution to cybersecurity; instead the best approach is a layered implementation. I recommend a business or organization begin with these steps —

Review: Take stock of the current state of computers, operating systems, network devices (switches, routers, controllers, radios, control systems, etc) WAN links, and other components. This would be a good time to contract with us for a Cybersecurity Assessment so that your network can be evaluated from an impartial perspective.

Plan: Begin with a well-respected plan like The Critical Security Controls for Effective Cyber Defense maintained by the Council on Cybersecurity or a different plan appropriate for your industry. Evaluate where you want to go against this plan and what is appropriate in your context.

This is also a good time to review your IT policies. No one enjoys crafting policy, but good written statements are the starting point for handling the various legal issues involved in Cybersecurity.

Implement: Start with the “First Five Quick Wins” from this plan and implement more of your plan in a staged rollout.

Monitor: Continuous network monitoring is a must to know the state of your network. How can you know if your defenses have been breached if you're not continuously monitoring these defenses? For starters, I would suggest monitoring device logs, netflow information, antivirus defenses, and availability of the most important business processes.

Educate: Obviously your technical staff needs training. But an awareness program for your users can also pay big dividends. A great free tool for user awareness can be found at Ouch!

Incident Recovery

Unfortunately, the chances are good that at some point your network will be breached. Because of that likelihood, it is imperative that you plan now how you will recover if that breach should happen. Planning for incident recovery usually involves these major steps.

Evaluate: Just how much downtime could your company endure and yet survive? Do you have critical services that customers depend on that need to be always on? Do you need a backup network immediately available? How quickly do you need to be able to recover your data?

Data Recovery: We all know we should have data backups, but far too many organizations don't have a dependable backup plan and solution. Any data recovery solution needs to plan for recovery of both local and cloud-stored data.

Local Data: All the data stored on various computers needs to be evaluated for backup requirements. Once a backup plan is created, the next important step is to test recovery based on that backup plan. It is far too common for backups to be regularly created, only to discover upon attempted recovery that some key file is missing. Plan, and then test your plan.

Cloud Data: Cloud providers come under attack, go broke, or otherwise have system failures. It is also possible for your cloud data to be unavailable because of a legal action from some government, even if that legal action isn't directed against you. Plus, internet access can fail which will limit the accessibility of your cloud stored data. I recommend that you plan for a backup of all cloud stored data.

Network Recovery: You also need to consider your plans in case your network is unusable. Do you need to rent an alternative network as a backup? Could much of your processing move to a cloud provider like Microsoft Azure? Or do you have enough leeway that you could wait for a vendor to provide new equipment? These questions need to be settled before an emergency.

Legal: Perhaps one of the trickier questions to consider is what your legal liabilities are in the event of a data breach. Do you have customers in the European Union or one of the states with stricter breach notification laws? Do you handle Personally Identifiable Information (PII)? If so, how would you handle a loss of customer PII? Do you have contracts with customers that would be affected in a network breach? What are the legal requirements in your jurisdiction? And do you want to get law enforcement involved in any breach? These questions are important to consider before an emergency arises and should be determined in coordination with your legal team.

Risk Management

The risk of a cybersecurity event is just a normal part of business today. Because of that risk, it would be wise to consider cybersecurity insurance. A number of companies provide policies in this realm. I prefer a policy that includes resources to help the business recover from a cyber event as well as provides coverage for any customer or client losses.

Conclusion

I know that this whole process can seem pretty overwhelming. Feel free to contact us so we can help your business create a plan to withstand cybersecurity incidents.